What happened?

Pinboard runs on servers in a Virginia datacenter. On Tuesday the FBI raided the data center and confiscated some computer equipment from our service provider, DigitalOne. This equipment included our main database server. The server was returned about a day later and is back online.

Pinboard was offline for several hours during the raid, and ran with reduced capabilities for about four days after that.

Are my bookmarks safe?

Yes. Our servers are set up so that if one fails or goes offline, the other has a full copy of the data. (For the technically minded, we use a master-master replication setup with writes going to a single master). When the FBI took the main database server away, there was an up-to-date copy available on the backup server. We also continued making daily database backups to Amazon S3 during the outage.

Why did the FBI take a Pinboard server?

I don't know. As best I can tell, the FBI was after someone else whose server was in physical proximity to ours. The kind of computer we lease is a 'blade server', which means there are about a dozen of them arranged in each computer enclosure, like books on a shelf. If the FBI took an entire enclosure (or more), it would explain why so many servers went offline. I also understand it is routine in raids like this to remove as much equipment as necessary to preserve the chain of evidence and prevent suspects from covering their tracks.

It is not possible to tell at this point whether the scope of the raid was excessive. I'm trying to find out the details of what happened and will share whatever I learn.

Does the FBI have my bookmarks?

In order for the FBI to collect this data, they would need a warrant for it. At this point I have no reason to believe our site was included in the warrant. A FOIA request for the warrant has been filed and we should be able to see it within about two weeks.

What was on the confiscated server?

The server had a full copy of our database, the Pinboard source code, and contained archived web pages from about half our archival users.

Is my password safe?

This depends on how much you trust the FBI. Pinboard passwords are stored as salted SHA1 hashes, so you should assume that the FBI could easily crack your password if they wanted to. I'm in the process of moving to a safer form of password encryption (bcrypt) but at the time of the raid the user table still contained both forms of encrypted password.

An instapaper server containing Pinboard passwords was also seized during the raid. Those passwords were (for all practical purposes) stored unencrypted. If you connected your Instapaper and Pinboard accounts at any point you should change your Pinboard password wherever you use it.

Will bookmarks that I added on the backup server stay in my account?

Yes.

Is it still safe to use Pinboard?

It is as safe as it was before the raid. Our top priority is to avoid losing user data. But please, always make backups.

How can I be sure this won't happen again?

I'll be making several changes to how the site is hosted to make sure a data center failure can't affect us this badly again, and I'll post about them here shortly.